Skip to main content
close menu
close menu

Search UK HealthCare

Public Notices

UK HealthCare Public Notice, July 6, 2018

UK HealthCare gave a lab report to the incorrect patient. The lab report contained the patient’s name, date of birth, medical record number, date of service, and clinical information. It did not contain the patient’s social security number, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee gave an appointment reminder to the incorrect patient. The information on the appointment reminder was limited to the patient’s name, address, date and time of appointment and physician. UK HealthCare notified the affected individual. 

UK HealthCare mailed a health summary to the incorrect recipient. The information included the patient’s identifiers and treatment information. It did not contain the patient’s social security number, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee emailed patient information to the incorrect recipient. The information included the patient’s identifiers and clinical notes about their care from a referring provider. UK HealthCare notified the affected individual.

UK HealthCare pharmacy mailed medications to two incorrect patients. The information included with the prescriptions was limited to the patient’s identifiers and information about the prescriptions. UK HealthCare notified the affected individuals.

UK HealthCare mailed a billing statement to the incorrect recipient.  The information included the patient’s identifiers and treatment information.  It did not contain the patient’s social security number, or financial information.  UK HealthCare notified the affected individual.

UK HealthCare scheduled an appointment with the incorrect patient; this caused a patient’s appointment reminder to be given to the incorrect recipient.  The information was limited to the patient’s identifiers and their appointment information. It did not contain the patient’s phone number, birthdate, social security number, insurance information, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee emailed patient information to the incorrect recipient.  The information included the patient’s identifiers and clinical notes about their care from a referring provider.  UK HealthCare notified the affected individual.

UK HealthCare pharmacy mailed medications to the incorrect patient. The information included with the prescriptions was limited to the patient’s identifiers and information about the prescriptions. UK HealthCare notified the affected individual.

 

 

UK HealthCare Public Notice, June 1, 2018

 

UK HealthCare gave a lab report to the incorrect patient. The lab report contained the patient’s name, date of birth, medical record number, date of service, and clinical information. It did not contain the patient’s social security number, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee gave an appointment reminder to the incorrect patient. The information on the appointment reminder was limited to the patient’s name, address, date and time of appointment and physician. UK HealthCare notified the affected individual. 

UK HealthCare mailed a health summary to the incorrect recipient. The information included the patient’s identifiers and treatment information. It did not contain the patient’s social security number, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee emailed patient information to the incorrect recipient. The information included the patient’s identifiers and clinical notes about their care from a referring provider. UK HealthCare notified the affected individual.

UK HealthCare pharmacy mailed medications to two incorrect patients. The information included with the prescriptions was limited to the patient’s identifiers and information about the prescriptions. UK HealthCare notified the affected individuals.

UK HealthCare mailed a billing statement to the incorrect recipient.  The information included the patient’s identifiers and treatment information.  It did not contain the patient’s social security number, or financial information.  UK HealthCare notified the affected individual.

UK HealthCare scheduled an appointment with the incorrect patient; this caused a patient’s appointment reminder to be given to the incorrect recipient.  The information was limited to the patient’s identifiers and their appointment information. It did not contain the patient’s phone number, birthdate, social security number, insurance information, or financial information. UK HealthCare notified the affected individual.

A UK HealthCare employee emailed patient information to the incorrect recipient.  The information included the patient’s identifiers and clinical notes about their care from a referring provider.  UK HealthCare notified the affected individual.

UK HealthCare pharmacy mailed medications to the incorrect patient. The information included with the prescriptions was limited to the patient’s identifiers and information about the prescriptions. UK HealthCare notified the affected individual.


 

UK HealthCare Public Notice, June 1, 2018

On two separate occasions, UK HealthCare mailed a billing statement to the incorrect recipients.  The information included the patients’ identifiers and treatment information.  It did not contain the patients’ social security numbers, or financial information.  UK HealthCare notified the affected individuals.

On four separate occasions, UK Healthcare employees accessed the medical records of multiple patients outside their scope of duty. The information accessed was limited to the patients’ identifiers and information about their specific UK HealthCare visits.  UK HealthCare notified the affected individuals.

  A UK HealthCare employee included more than the minimum necessary information for 77 patients in standard court filings. The information released included billing details for the patients. UK HealthCare notified the affected individuals.


UK HealthCare Public Notice, May 8, 2018

UK HealthCare is notifying patients of an incident that may have exposed their information held by Nuance, Inc., a contractor that provides transcription services to UK HealthCare. Patients affected by the incident were mailed letters with detailed information about the incident and information about credit monitoring services.

On Dec. 21, 2017, Nuance contacted UK HealthCare to notify us that an unauthorized party had accessed certain patient reports held by Nuance. Nuance retained a leading cybersecurity firm to conduct an investigation and engaged law enforcement. The FBI investigation determined the unauthorized party accessed patient information but did not sell, copy nor further distribute the data accessed. Because of this ongoing criminal investigation, UK HealthCare was prohibited from notifying affected patients of the incident until the investigation concluded.

The reports accessed included patient identifying information and transcription notes about their visit to UK HealthCare. This unauthorized access was limited to Nuance technology systems only and did not include any of data or health information held by UK HealthCare.

As a precaution, Nuance, in consultation with UK HealthCare, has arranged to have AllClear ID protect the identity of affected patients for 24 months at no cost. Patients affected by this incident were mailed information about the steps to self-enroll in a credit protection program.

The Federal Trade Commission suggests the following steps to prevent possible misuse of information:

Stay alert for the signs of identity theft, like:

  • Accounts you did not open and debts on your accounts you cannot explain.
  • Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
  • Failing to receive bills or other mail. Follow up with creditors if your bills do not arrive on time.
  • Receiving credit cards that you did not apply for.
  • Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
  • Getting calls or letters from debt collectors or businesses about merchandise or services you did not buy.

Order your free annual credit report:

Individuals may contact any or all of the three major Credit Reporting Agencies if you want to further learn about identity theft protection services offered by the credit reporting agencies. The contact information is:

Equifax
P.O. Box 740241
Atlanta, GA 30374-0241
800-685-1111

Experian
P.O. Box 2104
Allen, TX 75013-0949
888-EXPERIAN (397-3742)

Trans Union
P.O. Box 1000
Chester, PA 19022
800-916-8800

Both the federal government and Kentucky state government offer consumer protection agencies. The contact information for the consumer protection agencies is below:

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Telephone: 202-326-2222

Office of the Attorney General
700 Capitol Avenue, Suite 118
Frankfort, Kentucky 40601-3449
Consumer Protection — 888-432-9257

As a result of the incident, Nuance has taken the affected information system offline. Nuance also has increased security protections around its current transcription service information system.

Questions regarding the incident can be directed to the UK HealthCare privacy office. This office is reachable toll-free at 877-528-3970.

 

  • Recommendations

    What You Can Do

    For any incident, UK HealthCare recommends the following steps to prevent any possible misuse of personal information.

    Stay Alert For the Signs of Identity Theft

    • Accounts you didn't open and debts on your accounts that you can't explain.
    • Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
    • Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time.
    • Receiving credit cards that you didn't apply for.
    • Being denied credit or being offered less favorable credit terms, like a high interest rate, for no apparent reason.
    • Getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.